Educause Security Discussion mailing list archives

Re: Local Admin Accounts

From: "King, Ronald A." <raking () NSU EDU>
Date: Wed, 16 Sep 2009 16:42:40 -0400

This is great feedback!  Thank you very much!



Ronald King

Security Engineer

Norfolk State University

Marie V. McDemmond Center for Applied Research

Suite 401

700 Park Ave.

Norfolk, Virginia  23504

Phone:  757-823-3918

Fax: 757-823-2128

Email: raking () nsu edu

http://security.nsu.edu



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Gillett
Sent: Wednesday, September 16, 2009 4:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Local Admin Accounts



  At a previous employer, we wound up deploying a domain logon script for
everyone that would re-add Domain Administrators to their Local
Administrators group.



David Gillett





  _____

From: Sweeny, Jonny [mailto:jsweeny () IU EDU]
Sent: Wednesday, September 16, 2009 1:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Local Admin Accounts

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

The domain administrator group must be (and this is set by

default when a system is joined to the domain) included in

all local administrator groups. Without this, systems will

drop off the domain.




Pardon me but I must correct you:



While it is true that the Domain Admins group is added to the Administrators
group when the machine joins the domain, it is *not* true that the machine
is removed from the domain when the Domain Admins are removed from this
group.  We frequently remove the Domain Admins from our Admin groups and
participate actively in domain membership.



- --

~Jonny Sweeny, GSEC, GCWN, GCIH, GWAS

Incident Response Manager, Lead Security Analyst

Office of the VP for Information Technology, Indiana University

PGP & S/MIME: http://informationsecurity.iu.edu/Jonny_Sweeny

jsweeny () iu edu -- phone: (812) 855-4194 -- fax: (812) 856-1011



-----BEGIN PGP SIGNATURE-----

Version: 9.10.0 (Build 500)

Charset: utf-8



wj8DBQFKsUPzkncdNJm5aegRAhgNAJsG4Quvi2dc4QPw6oMGV+LlnSwUEACfY8Vo

Lmpxyj7jEuMdYXwdpu93uqc=

=YY/G

-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description:

Current thread:

Re: Local Admin Accounts, (continued)
- Re: Local Admin Accounts Steven Alexander (Sep 16)
- Re: Local Admin Accounts Smith, Bob (Sep 16)
- Re: Local Admin Accounts Gary Flynn (Sep 16)
- Re: Local Admin Accounts Manuel Amaral (Sep 16)
- Re: Local Admin Accounts Stanclift, Michael (Sep 16)
- Re: Local Admin Accounts Sweeny, Jonny (Sep 16)
- Re: Local Admin Accounts Guy Pace (Sep 16)
- Re: Local Admin Accounts David Gillett (Sep 16)
- Re: Local Admin Accounts Guy Pace (Sep 16)
- Re: Local Admin Accounts Gary Flynn (Sep 16)
- Re: Local Admin Accounts King, Ronald A. (Sep 16)
- Re: Local Admin Accounts John Hoffoss (Sep 16)
- Re: Local Admin Accounts Strzelec, Wally (Sep 16)
- Re: Local Admin Accounts Stanclift, Michael (Sep 16)
- Re: Local Admin Accounts Eric Case (Sep 17)